Vulnerability related Doubts in Nginx

Valentin V. Bartenev vbart at nginx.com
Tue Mar 22 12:13:22 UTC 2016


On Tuesday 22 March 2016 17:35:19 Zeal Vora wrote:
> Hi
> 
> We are running Nginx version 1.8 ( nginx-1.8.1-1.amzn1.ngx.x86_64 ) in our
> servers. So in the Vulnerability Assessment, Nessus gave report that it is
> vulnerable.
> 
> *Current version :-*        nginx-1.8.1-1.amzn1.ngx.x86_64
> 
> *Fix Version ( According to Nessus ) :-*   nginx-1.8.1-1.26.amzn1
> 
> I don't seem to find the " Fix Version " of Nginx which Nessus suggested.
> 
> Is there any work around for this ?
> 
> Is 1.8 the latest stable version which is available or we can move forward
> with higher one ?
> 
> 
> Any help will be appreciated!

The CVE-2016-0742 that is referenced in the report is fixed in nginx 1.8.1.

See here for the official information:
http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
http://nginx.org/en/security_advisories.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742

  wbr, Valentin V. Bartenev



More information about the nginx mailing list